#!/usr/bin/env bash

# ca key
openssl genrsa -out keys-ca/ca.key 2048
# ca 秘钥
openssl req -new -x509 -days 7200 -key keys-ca/ca.key -subj "/C=CN/ST=GD/L=SZ/O=vihoo/OU=dev/CN=localhost/emailAddress=1577121881@qq.com" -out keys-ca/ca.pem

# server
# Key considerations for algorithm "RSA" ≥ 2048-bit
openssl genrsa -out keys-ca/server.key 2048
# 生成 csr
openssl req -new -key keys-ca/server.key -subj "/C=CN/ST=GD/L=SZ/O=vihoo/OU=dev/CN=localhost/emailAddress=1577121881@qq.com"  -out keys-ca/server.csr
# 签发 server
openssl x509 -req -sha256 -CA keys-ca/ca.pem -CAkey keys-ca/ca.key -CAcreateserial -days 3650 -in keys-ca/server.csr -out keys-ca/server.pem


# client
# Key considerations for algorithm "RSA" ≥ 2048-bit
openssl genrsa -out keys-ca/client.key 2048
# 生成 csr
openssl req -new -key keys-ca/client.key -subj "/C=CN/ST=GD/L=SZ/O=vihoo/OU=dev/CN=localhost/emailAddress=1577121881@qq.com"  -out keys-ca/client.csr
# 签发 server
openssl x509 -req -sha256 -CA keys-ca/ca.pem -CAkey keys-ca/ca.key -CAcreateserial -days 3650 -in keys-ca/client.csr -out keys-ca/client.pem


